The year 2009 will be a threat for most CIOs. There will be pressure on IT budgets. On the other hand, many threats like Governance and Risk Management aren’t solved in most organizations today.

The Business/IT alignment still is an open topic for most organizations. Cost cutting is important as well. And the security problems are still there.

My five main points for the CIO agenda are:

  • Business control
  • GRC
  • Independence
  • Accountability
  • IT organization

Not many aspects, but the ones which are most important for a long term success of business and IT. You might add reliability/availability as another aspect. You might discuss about other aspects like virtualization, but all these things like virtualization are only derived from other requirements on a higher level.

Business control is pretty clear. IT has to do what the business needs. In a way that is as efficient as possible. Flexibility and many other requirements are derived from this necessity. As I’ve highlighted several times, GRC is likely to become the business control layer for IT.

GRC, e.g. making the move from Corporate to IT governance and supporting the compliance standards in an efficient manner is another important part of today’s IT business. From that perspective, GRC and Business control can be understood as one topic.

Independence is something which is often not taken into account. I doubt that there are many areas in corporations which such a high degree of vendor lock-in like in IT. The way business adopt themselves to specific ERP systems are just one example. The real problem is that vendor and product decisions in IT often are made without a clear analysis of the impact these decisions have on the long-term lock-in to a vendor. A specific aspect of independence is SaaS – with focus on how SaaS provides flexibility without a lock-in. The independence to choose any SaaS provider and to flexibly move from internal to external or to other SaaS providers is one of the topics to look at.

And there is accountability, e.g. the ability for a clear view on IT costs, the ability to assign costs to departments and so on. The need for an ERP for IT. This influences many areas of IT, like the need to use services in the context of identities because this is the only way to collect the information for a correct cost assignment.

The last point is the redefinition of IT organizations.

The interesting point is, that – from my perspective – all major IT activities can be subsumed under these few points. Thus, a CIO can measure all his activities based on these aspects – which might lead to a pretty simple dashboard or scorecard.

It might be a good idea to build a matrix with four or five pillars and three rows. Define the top 3 initiatives in any area – and focus on them. That approach is much more valid than the Top 10 list of all IT projects or something like that. There are several areas CIOs have to act on – but not many. And for all areas, some key initiatives and projects have to be defined.